Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Babe Generator – Create Realistic AI Girl Photos & Videos Online – CLI-powered

v1.0.0

AI babe generator — generate photorealistic attractive images from a person photo

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (generate photorealistic images from a person photo) match the declared dependency on the weshop CLI and the single required env var WESHOP_API_KEY. Requiring an API key for a hosted image-generation service is proportionate to the described capability.
Instruction Scope
SKILL.md instructs the agent to use the weshop CLI and to read WESHOP_API_KEY from the environment — that stays within the stated purpose. However the included default prompt explicitly requests sexualized alteration of a person photo ("naturally undress...") and the instructions do not mention consent, age verification, or safety checks for transforming real-person images. That is a policy/ethical risk even though it is not an incoherence in technical scope.
Install Mechanism
This is an instruction-only skill (no install spec). It directs users to install weshop-cli from npm (npm install -g weshop-cli), which is a normal distribution channel but means you should inspect the npm package/repo before installing. There is no direct download-from-untrusted-URL in the skill itself.
Credentials
Only a single credential (WESHOP_API_KEY) is required and it is the stated primary credential. The SKILL.md consistently says the CLI reads the API key from that environment variable and warns not to pass it on the command line.
Persistence & Privilege
The skill does not request always: true and does not ask to modify other skill/system configs. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Scan Findings in Context
[no_code_files_or_regex_findings] expected: The static scanner found nothing because this is an instruction-only skill with no code files. The runtime behavior depends on the external weshop-cli package and the remote API domain openapi.weshop.ai referenced in SKILL.md.
Assessment
This skill is technically coherent for calling the weshop CLI with an API key, but it includes a default prompt that sexualizes and undresses real-person photos. Before installing or using it: (1) Do not upload photos of other people without explicit informed consent (and confirm ages); creating sexualized deepfakes can be illegal or violate policy. (2) Inspect the weshop-cli npm package and its GitHub repo (links in SKILL.md) to confirm its provenance and review code/permissions before installing globally. (3) Keep your WESHOP_API_KEY secret and only set it in environment variables; never paste it into prompts. (4) If you are uncomfortable with the ethical or legal risks, do not install or invoke this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk975cp02wzb3q0xm8gg25kv6wd84kzk5

Runtime requirements

Env: WESHOP_API_KEY
Primary env: WESHOP_API_KEY